Nuts and Bolts

Everyone has opinions and thoughts. Here are some of ours.

3 SSH tips: Ssh-agent, Tunnel, and Escaping from the Dead

There are a ton of ssh tips out there, and I thought that I surface 3 of them. Here are 3 ssh tips that I’ve learned over the years. Hope you find them useful 🎉

SSH Agent and Forwarding Keys

Typically when you when ssh into a server with a key other than your default key, you must specify the path to your key with the -i option like so:

ssh -i ~/.ssh/demo/id_rsa-1 ec2-user@52.42.239.80

Instead of having to specify the -i /path/to/ssh/key option repeatedly, you can use ssh-agent. With ssh-agent you can load your keys into memory with its ssh-add command. Ssh will automatically use the keys in memory. Here’s an example with a test server:

You can load as many keys into memory and ssh will try them consecutively until you get into the box. One thing to watch out for though is that some servers are configured to block you after 3 rapid unsuccessful attempts. I only keep 3 keys in memory for this reason. Also, to delete keys from memory:

$ ssh-add -D$ ssh-add -l
The agent has no identities.

Lastly, when using ssh-agent, it is useful know about the -A flag. This option forwards your keys in memory to the remote server you are accessing. This saves you from having to copy and paste the key onto that remote server if you want to then hop from that remote server to another server using the same keys. Let’s go inception on the server:

SSH Tunnel for local development

When you are developing, it is useful to have a publicly accessible url to test. For example, you may want to see what the your website looks like on an iPhone. You can achieve this with an ssh tunnel. An ssh tunnel forwards a port on a server to a port on your local machine. Here’s an example that forwards port 9000 on the server to my local machine’s port 4000.

ssh -f-N-q-R 9000:127.0.0.1:4000 ec2-user@52.42.239.80

Now I can hit http://52.42.239.80:9000, and it’s the same as hitting http://localhost:4000 😁 I can use that remote endpoint to see the website on my phone and any saved changes get reflected immediately, no deploy required.

Note, for this to work you need to unblock the firewall rule for port 9000 and need Gateway=yes configured in /etc/ssh/sshd_config on the server. If you do not have access to a server to do this, there are other options like ngrok or finch. They do the same thing, except as a paid service.

Escaping from a Dead Terminal

The final trick shows you how to escape from dead terminal hell. If you find yourself stuck in a dead terminal session and everything you type refuses to register. Instead of closing the whole terminal window, you can use the ~ .escape sequence. When you type ~ . (“tilde” and “period”) ssh will disconnect you even when the connection is dead.

Hope you found these tips helpful 😁

Thanks for reading this far. If you found this article useful, I'd really appreciate it if you share this article so others can find it too! Thanks 😁 Also connect with me on LinkedIn.